Privacy Policy
This policy covers crownmediagroup.co, the AI Tools store, Kingdom Sound (music services), Kingdom Edge (trading research + bot), and the Crown Media CRM. We've written it in plain English. If anything is unclear, email [email protected].
1. What we collect — and why
You give us directly:
- Email address — to deliver products, send receipts and license certificates, and (with your consent) marketing emails. Required for every purchase.
- Business name — optional, for invoice and license-certificate personalization.
- Payment information — handled directly by Stripe. We never see or store your card number; we only see the last four digits, the country, and the transaction status.
- Project briefs (Kingdom Sound) — the description, references, and use-case info you submit when commissioning custom music. Stored so we can deliver the project; deletable on request after delivery.
- Watchlists + strategies (Kingdom Edge) — the tickers and strategy choices you configure for the trading bot.
- Alpaca API keys (Kingdom Edge Paper Trader and Live Trader tiers) — encrypted server-side with AES-256-GCM. The decryption key is held only in Netlify's environment, never in the database. The bot uses the keys to place trades on your own Alpaca account. We can never withdraw your funds — the API permission scope only allows reading and placing orders.
Collected automatically when you visit:
- Essential cookies — session state, referral attribution (cmg_ref), checkout state. These are required for the site to work and don't require consent.
- Analytics (only with your consent) — when you choose "Accept all" on the cookie banner, we load Google Tag Manager so we can understand which pages are popular. You can change your choice anytime via the banner.
- IP address and user agent — used briefly in server logs for abuse prevention. Hashed before storage where practical; never sold.
Collected via the Kingdom Reach outreach system (only if you are a recipient of a Crown Media Group email):
- Email open / click events via a tracking pixel and link redirect. You can unsubscribe from any campaign email and we will permanently exclude you from future sends.
2. Where your data is stored
| Service | What it holds | Region |
|---|---|---|
| Supabase (Postgres + Storage) | orders, subscriptions, watchlists, encrypted Alpaca keys, music files, license certificates | US East |
| Stripe | payment info + transaction records | Global (PCI compliant) |
| Resend | transactional emails + delivery logs | US |
| Polygon.io | market data lookups (no PII) | US |
| Anthropic | AI summarization of public market data (no PII sent) | US |
| Alpaca | your brokerage account — we send orders via your own API keys | US (regulated broker-dealer) |
| Netlify + Fly.io | application hosting + ephemeral logs | US |
3. How long we keep it
- Active subscriptions / orders: for as long as you're an active customer + 90 days after cancellation, so we can answer support questions, generate refunds, and meet tax / accounting obligations.
- Music license certificates: stored permanently — they prove your ongoing usage rights. We do not delete these.
- Alpaca API keys (encrypted): deleted immediately when you cancel your Kingdom Edge subscription or revoke the connection from your dashboard.
- Outreach (Kingdom Reach): contact records are retained as long as the campaign is active. Unsubscribes are retained permanently so we don't accidentally email you again.
- Tax records and Stripe transactions: 7 years (US accounting requirement).
4. Who we share data with
We do not sell, rent, or trade your personal data. We share only what's required to run the service:
- Stripe (payment processing)
- Resend (email delivery)
- Alpaca (when the bot places a trade on your behalf, on your own account)
- Supabase + Netlify + Fly.io (hosting infrastructure)
- Law enforcement, only when legally required by a valid subpoena or court order
5. Your rights
- Access — email us; we'll send you a copy of the data we hold about you within 30 days.
- Delete — email us to request deletion. We'll honor it within 30 days, except where law requires retention (tax records, etc.).
- Correct — email us with the correction. Or change it yourself via the relevant dashboard (Edge dashboard, music intake, etc.).
- Withdraw consent — for marketing emails: click Unsubscribe in any email. For analytics: use the cookie banner.
- Export — we'll provide an export of your data on request.
EU / UK residents: the legal basis for processing is contract performance (for purchases) and legitimate interest (for fraud prevention, analytics with consent). California residents: same rights as above; "Do Not Sell" is automatic — we never sell.
6. Security
We follow industry-standard practices: TLS encryption in transit, AES-256 encryption at rest for sensitive secrets (Alpaca keys), least-privilege access to production systems, no plaintext passwords (bcrypt hashed), Stripe webhook signature verification, and parameterized queries to prevent SQL injection. We are not a bank or RIA — see our Terms and Edge Risk Disclosure.
If you discover a security issue, please email [email protected] — we read every report.
7. Children
Crown Media Group's services are not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have, email us and we will delete it.
8. International transfers
Our service runs from servers in the United States. If you access it from outside the US, your data will be transferred to the US for processing under standard contractual safeguards.
9. Changes
We'll update this policy as the product evolves. Material changes will be notified by email to active customers at least 7 days before they take effect.
10. Contact
Crown Media Group / All Glory to Jesus Global LLC
Columbia, SC, USA
[email protected]
"Whatever you do, work at it with all your heart, as working for the Lord, not for human masters." — Colossians 3:23